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Amendments to the Claims 
Please amend claims 1, 4-5, 8, 10-12, 16, 21, 24-25, 28, 30-32, 36, 41, 44^45, 48, 50-52, 
and 56 as follows: 

1 . (Currently Amended) A computer-implemented method for visualizing super- 
user privileges in a computer operating system including multiple virtual private server, the 
method comprising: 

associating a user with a first virtual private server, the first virtual private server 
comprising a first plurality of actual processes executing within the same 
operating system as a sec ond plurality of actual processes comp ri sing a second 
virtual private server : 

designating the user as a virtual super-user, 

intercepting a call to the operating system for which actual super-user privileges are 

required, the call made by a process located in the compute* operating system, the 

process owned by the user; and 
in response to the intercepted call to the operating system pertaining to the first virtual 

private server assooiatod with tho uso g : 

granting actual super-user privileges to the user; and 

allowing execution of the call to the operating system, 

2, (Previously Presented) The method of claim 1 , further comprising: 
withdrawing the actual super-user privileges from the user after execution of the call to 
the operating system. 
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3. (Previously Presented) The method of claim 1 , wherein designating comprises: 
assigning a virtual super-user identifier to the user. 

4. (Currently Amended) The method of claim 3, wherein the virtual super-user 
identifier comprises a super-user identifier and an indication of the first virtual private server. 

5. (Currently Amended) The method of claim 1 , wherein designating comprises: 
assigning a user identifier to the user; and 

storing the user identifier and an indication of the first virtual private server o£the usor in 
a virtual super-user list. 

6. (Previously Presented) The method of claim 1 7 wherein granting comprises: 
assigning a super-user identifier to the user. 

7. (Previously Presented) The method of claim 1 , wherein the intercepted call to the 
operating system comprises a call to the operating system for accessing a file. 

8. (Currently Amended) The method of claim 7, wherein the intercepted call to the 
operating system pertains to the first virtual private server associated with tho uoor when the file 
to be accessed is associated with the first virtual private server. 

9. (Previously Presented) The method of claim 1 , wherein the intercepted call to the 
operating system comprises a call to the operating system for terminating a process. 
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1 0. (Currently Amended) The method of claim 9, wherein the intercepted call to the 
operating system pertains to the first virtual private server as s e oiated with the noor when the 
process to be terminated is associated with the first virtual private server. 

1 1 . (Currently Amended) The method of claim 1 , wherein the intercepted call to the 
operating system comprises a call to the operating system for terminating all processes associated 
with the first virtual private server, the method further comprising: 

identifying each process associated with the first virtual private server; and 
terminating each identified process. 

12. (Currently Amended) The method of claim 1 1 , wherein a data structure stores 
associations between processes and virtual private servers, and wherein identifying comprises: 

identifying each process by its association with the first virtual private server in the data 
structure. 

13. -15. (Cancelled) 

1 6, (Currently Amended) The method of claim 1 , further comprising: 

responsive to the intercepted call to the operating system not pertaining to the first virtual 

private server associated with tho user, disallowing execution of the call to the 

operating system. 
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17. (Previously Presented) The method of claim 1 , further comprising: 
responsive to the intercepted call to the operating system comprising a call to the 

operating system for inserting a module into an operating system kernel, 
disallowing execution of the call to the operating system. 

1 8 . (Previously Presented) The method of claim 1 , wherein allowing comprises: 
executing the call to the operating system. 

19. (Previously Presented) The method of claim 1, wherein intercepting the call to the 

operating system comprises: 
loading a system call wrapper, 

saving a pointer to the call to the operating system; and 

replacing the pointer to the call to the operating system with a pointer to the system call 
wrapper, such that the system call wrapper is executed when the call to the 
operating system is invoked. 

20. (Previously Presented) The method of claim 19, wherein the pointer to the first call 
to the operating system comprises a system call vector. 

2 1 . (Currently Amended) A computer program product for visualizing super-user 
privileges in a computer operating system including multiple virtual private servers, the computer 
program product comprising: 
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program code for associating a user with a first virtual private server, the first virtual 

private server comprising a first plurality of actual processes executing within the 
same operating system as a second plurality of actual processes comprising a 
second virtual private server 

program code for designating the user as a virtual super-user; 

program code for intercepting a call to the operating system for which actual super-user 
privileges are required, the call made by a process located in the computer 
operating system, the process owned by the user; and 

program code for granting actual super-user privileges to the user, and allowing execution 
of the call to the operating system, in response to the intercepted call to the 
operating system pertaining to the first virtual private server associated with tho - 

22. (Previously Presented) The computer program product of claim 21 , further 

comprising: 

program code for withdrawing the actual super-user privileges from the user after 
execution of The call to the operating system. 

23. (Previously Presented) The computer program product of claim 21, wherein 
program code for designating comprises: 

program code for assigning a virtual super-user identifier to the user. 
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24. (Currently Amended) The computer program product of claim 23, wherein the 
virtual super-user identifier comprises a super-user identifier and an indication of the first virtual 
private server. 

25 . (Currently Amended) The computer program product of claim 2 1 , wherein 
program code for designating comprises: 

program code for assigning a user identifier to the user; and 

program code for storing the user identifier and an indication of the first virtual private 
server of tho usor in a virtual super-user list. 

26. (Previously Presented) The computer program product of claim 21, wherein 
program code for granting comprises: 

program code for assigning a super-user identifier to the user, 

27. (Previously Presented) The computer program product of claim 21 , wherein the 
intercepted call to the operating system comprises a call to the operating system for accessing a 
file. 

28 . (Currently Amended) The computer program product of claim 27, wherein the 
intercepted call to the operating system pertains to the first virtual private server associated with 
fo e u s e r when the file to be accessed is associated with the first virtual private server. 
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29. (Previously Presented) The computer program product of claim 2 1 , wherein the 
intercepted call to the operating system comprises a call to the operating system for terminating a 
process, 

30. (Currently Amended) The computer program product of claim 29, wherein the 
intercepted call to the operating system pertains to the first virtual private server asoooiatod with 
&KH*sef when the process to be terminated is associated with the first virtual private server. 

3 1 . (Currently Amended) The computer program product of claim 21 7 wherein the 
intercepted call to the operating system comprises a call to the operating system for terminating 
all processes associated with the first virtual private server, the computer program product further 

comprising: 

program code for identifying each process associated with the first virtual private server, 
and 

program code for terminating each identified process. 

32. (Currently Amended) The computer program product of claim 31, wherein an 
association data structure stores associations between processes and virtual private servers, and 
wherein program code for identifying comprises: 

program code for identifying each process by its association with the first virtual private 
server in the association data structure. 

33. -35. (Cancelled) 
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36. (Currently Amended) The computer program product of claim 2 1 , further 

comprising: 

program code for disallowing execution of the call to the operating system in response to 
the intercepted call to the operating system not pertaining to the first virtual 
private server associat e d vrith tho us or. 

37. (Previously Presented) The computer program product of claim 21, further 

comprising: 

program code for disallowing execution of the call to the operating system in response to 
the intercepted call to the operating system comprising a call to the operating 
system for inserting a module into an operating system kernel 

38. (Previously Presented) The computer program product of claim 21, wherein 
program code for allowing comprises; 

program code for executing the call to the operating system. 

39. (Previously Presented) The computer program product of claim 21, wherein 
program code for intercepting the call to the operating system comprises: 

program code for loading a system call wrapper, 

program code for saving a pointer to the call to the operating system; and 



9 



2181 6/04953/DOCSn 637356 2 



PAGE 11/18' RCVD AT 711 8/20D6 1 2:19:35 PM [Eastern Daylight Time] ' SVfcUSPTO-EFXRF-1/9 * DNIS:2738300 ' CSID:6509385200 * DURATION (mntss}:0444 



JUM8-06 09:17AM FROW-Fenwick & West Mountain View 



650 938 5200 



T-902 P. 01 2/01 8 F-642 



program code for replacing the pointer to the call to the operating system with a pointer to 
the system call wrapper, such that the system call wrapper is executed when the 
call to the operating system is invoked, 

40. (Previously Presented) The computer program product of claim 39, wherein the 
pointer to the first call to the operating system comprises a system call vector. 

41 . (Currently Amended) A system for virtualizing super-user privileges in a 
computer operating system including multiple virtual private servers, the system comprising: 

a virtual super-user designation module for associating a user with a first virtual private 
server, the first virtual private server comprising a first plurality of actual 
processes executing within the same operating system as a second plurality of 
actual processes com prising a second virtual private server, and for designating 
the user as a virtual super-user; and 

a system call wrapper for intercepting a call to the operating system for which actual 
super-user privileges are required, the call made by a process located in the 
compute? operating system, the process owned by the user, and, in response to the 
intercepted call to the operating system pertaining to the first virtual private server 
assooiatod with tho u s of , granting actual super-user privileges to the user and 
allowing execution of the call to the operating system. 
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42. (Previously Presented) The system of claim 41 , wherein the system call wrapper is 
further configured to withdraw the actual super-user privileges from the user after execution of 
the call to the operating system. 

43. (Previously Presented) The system of claim 41, wherein the virtual super-user 
designation module is further configured to assign a virtual super-user identifier to the user, 

44. (Currently Amended) The system of claim 43, wherein the virtual super-user 
identifier comprises a super-user identifier and an indication of the first virtual private server. 

45 . (Currently Amended) The system of claim 4 1 , wherein the virtual super-user 
designation module is further configured to assign a user identifier to the user and store the user 
identifier and an indication of the first virtual private server associated with the usof in a virtual 
super-user list. 

46. (Previously Presented) The system of claim 41, wherein the system call wrapper is 
further configured to assign a super-user identifier to the user. 

47. (Previously Presented) The system of claim 41, wherein the intercepted call to the 
operating system comprises a call to the operating system for accessing a file. 



11 



21816/04953/DOCSyi 637356.2 



PAGE 13118 * RCVD AT 7/1812006 12:19:35 PM [Eastern Daylight Time] ' SVfcUSPTO-EFXRMfl) * DWS:2738300 1 CSID:6509385200 * DURATION (mm-ss):04-34 



JUL-18-06 09:18AM FROM-Fenwick & West Mountain View 650 938 5200 T-902 P. 014/018 F-642 



48. (Currently Amended) The system of claim 47, wherein the intercepted call to the 
operating system pertains to the first virtual private server associat e d with tho - iiso E when the file 
to be accessed is associated with the first virtual private server. 

49. (Previously Presented) The system of claim 41 > wherein the intercepted call to the 
operating system comprises a call to the operating system for terrninating a process. 

50. (Currently Amended) The system of claim 49, wherein the intercepted call to the 
operating system pertains to the first virtual private server associated with tho noor when the 
process to be terminated is associated with the first virtual private server. 

5 1 . (Currently Amended) The system of claim 41 , wherein the intercepted call to the 
operating system comprises a call to the operating system for terminating all processes associated 
with the first virtual private server, and wherein the system call wrapper is further configured to 
identify each process associated with the first virtual private server and terminate each identified 
process. 

52. (Currently Amended) The system of claim 5 1 , further comprising: 

an association data structure for storing associations between processes and virtual private 
servers, wherein the system call wrapper is further configured to identify each 
process by its association with the first virtual private server in the association 
data structure. 
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53.-55. (Cancelled) 

56. (Currently Amended) The system of claim 4 1 s wherein the system call wrapper is 
further configured to disallow execution of the intercepted call to the operating system in 
response to the intercepted call to the operating system not pertaining to the first virtual private 
server associated with the ueof . 

57. (Previously Presented) The system of claim 41, wherein the system call wrapper is 
fiirfher configured to disallow execution of the intercepted call to the operating system in 
response to the intercepted call to the operating system comprising a call to the operating system 
for inserting a module into an operating system kernel. 

58. (Previously Presented) The system of claim 41 , wherein the system call wrapper is 
further configured to execute the call to the operating system. 
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